Real expertise
is focused expertise

When asked why he robbed banks, Willy Sutton, the notorious American bank robber, replied, “Because that’s where the money is.”

Why do we focus on the areas we do?
“Because that’s where the threats are.”

Real Cybersecurity

Real Infrastructure security

Real Physical security

Real KYC security

Real Cybersecurity

Real Cybersecurity is…

Awareness
It’s knowing what software you’re actually running, with a crucial focus on all the little pieces that make up the whole, and validating that they are what they should be.

Wariness
It’s software supply chain wariness. Open source is bringing in a whole new source of risk vectors. Weaknesses in every link along the software supply chain —how software goes from a developer writing code to the end user— abound.

Foresight
It’s knowing how to minimize the number of ‘attack surfaces’ as companies make greater use of network and internet-connected technologies, cloud-based services and remote third parties.

Insight
Bad actors are smart thinkers. Which is why minimizing the risk of cyber fraud, ransomware, and data theft requires different smart thinkers. Experts who know how hackers think, how they operate and their goals.

Oversight
Fortifying cyberdefenses in the fast-moving world of cybersecurity is an always-on task. It requires constant oversight. It’s not a snap-your-fingers achievement.

Click to download our cybersecurity PDF

Every company is a data company

Sussman protects your next annual report

Real Infrastructure security

Real Infrastructure security keeps the world going round

But threats are rising.

While the prevalence of OT vulnerabilities presents a challenge for all organizations, critical infrastructure is at increased risk. Disabling critical services, not even necessarily destroying them, is a powerful lever.

Real security is a powerful counter lever.

Critical infrastructure sectors we protect

– Telecom
– Mining
– Oil and Gas
– Power Plants
– Railways
– Airports
– Water Supply

Real Infrastructure security is…

Vigilance
But the vigilance associated with the past is not the vigilance needed for the future.

Knowledge
Infrastructure security is more than physical security, its cybersecurity. Our infrastructure OT and IT assessments and our bespoke designs and plans are rewriting the book on how infrastructure can and must be protected.

Experience
Our experts read an infrastructure’s vulnerabilities with a very specific literacy born of experience securing pipelines, water plants, ports, train stations, airports around the world.

Realism
We have but to recall the havoc caused by pipelines compromised by threat actors to remind ourselves that infrastructure threats are very real. And very consequential.

Click to download our infrastructure PDF

Real Physical security

Real Physical security takes the stairs

When we assess the health of your physical security, expect our experts to review your systems, procedures and protocols with eyes that question, uncover and envisage. And don’t be alarmed if you find us taking the stairs armed with ladders and flashlights. Because bad actors will.

Sussman protects your business’ physical security with…

– Gap analysis
– Threat assessments
– Security training
– Red teaming
– Security systems design and installation

Real Physical security is…

Aware
We must now accept that towers of commerce and public facilities offer target-rich environments for terrorists and criminals alike. Trade centers, malls, concert halls, places of worship and hotels now join mines, airports, power plants and other critical infrastructure as possible targets.

Thorough
Because post-incident due diligence won’t protect a company’s reputation.

No longer optional
Businesses must now be able to to promise and deliver real security to their customers, employees, shareholders, and society. Those who don’t, do so at their peril.

Local
A building or facility is more than its blueprint. It’s also somewhere. Real security considers local conditions.

Click to download our physical security PDF

Real KYC security

Real KYC security is security for your M&A

M&A deals succeed when trust and transparency are at the table. It’s why you really need to know the company you’re buying and the people who are leading it. Sussman KYC security is thorough but responsible, granular but always ethical. Where others scan, Sussman digs.

Real KYC due diligence is…

Consequential
M&As that don’t perform as expected because of lack of KYC due diligence cause serious damage to companies and their boards of directors. The faster deals get approved based on real diligence, the faster companies can move to meet their acquisition objectives.

Smart
About 10 percent of all large mergers and acquisitions are canceled for reasons that include KYC outcomes.

Necessary
The capital markets have been enthralled by genius founders for too long, allowing them to grow without sufficient scrutiny only to be toppled when exposed to the light of day. Post M&A due diligence is not pretty. It protects no one.

Cost effective
Bribery and corruption disempower people and destroys economic growth and opportunity. KYC due diligence is money well spent.

Click to download our KYC security PDF

Real expertise is focused expertise

When asked why he robbed banks, Willy Sutton, the notorious American bank robber, replied, “Because that’s where the money is.”

Why do we focus on the areas we do? “Because that’s where the threats are.”

Real Cybersecurity

Real Cybersecurity is…

Awareness It’s knowing what software you’re actually running, with a crucial focus on all the little pieces that make up the whole, and validating that they are what they should be.

Wariness It’s software supply chain wariness. Open source is bringing in a whole new source of risk vectors. Weaknesses in every link along the software supply chain —how software goes from a developer writing code to the end user— abound.

Foresight It’s knowing how to minimize the number of ‘attack surfaces’ as companies make greater use of network and internet-connected technologies, cloud-based services and remote third parties.

Insight Bad actors are smart thinkers. Which is why minimizing the risk of cyber fraud, ransomware, and data theft requires different smart thinkers. Experts who know how hackers think, how they operate and their goals.

Oversight Fortifying cyberdefenses in the fast-moving world of cybersecurity is an always-on task. It requires constant oversight. It’s not a snap-your-fingers achievement.

Every company is a data company

Sussman protects your next annual report

Real Infrastructure security

Real Infrastructure security keeps the world going round

But threats are rising.

While the prevalence of OT vulnerabilities presents a challenge for all organizations, critical infrastructure is at increased risk. Disabling critical services, not even necessarily destroying them, is a powerful lever.

Real security is a powerful counter lever.

Critical infrastructure sectors we protect

– Telecom – Mining – Oil and Gas – Power Plants – Railways – Airports – Water Supply

Real Infrastructure security is…

Vigilance But the vigilance associated with the past is not the vigilance needed for the future.

Knowledge Infrastructure security is more than physical security, its cybersecurity. Our infrastructure OT and IT assessments and our bespoke designs and plans are rewriting the book on how infrastructure can and must be protected.

Experience Our experts read an infrastructure’s vulnerabilities with a very specific literacy born of experience securing pipelines, water plants, ports, train stations, airports around the world.

Realism We have but to recall the havoc caused by pipelines compromised by threat actors to remind ourselves that infrastructure threats are very real. And very consequential.

Real Physical security

Real Physical security takes the stairs

When we assess the health of your physical security, expect our experts to review your systems, procedures and protocols with eyes that question, uncover and envisage. And don’t be alarmed if you find us taking the stairs armed with ladders and flashlights. Because bad actors will.

Sussman protects your business’ physical security with…

– Gap analysis – Threat assessments – Security training – Red teaming – Security systems design and installation

Real Physical security is…

Aware We must now accept that towers of commerce and public facilities offer target-rich environments for terrorists and criminals alike. Trade centers, malls, concert halls, places of worship and hotels now join mines, airports, power plants and other critical infrastructure as possible targets.

Thorough Because post-incident due diligence won’t protect a company’s reputation.

No longer optional Businesses must now be able to to promise and deliver real security to their customers, employees, shareholders, and society. Those who don’t, do so at their peril.

Local A building or facility is more than its blueprint. It’s also somewhere. Real security considers local conditions.

Real KYC security

Real KYC security is security for your M&A

M&A deals succeed when trust and transparency are at the table. It’s why you really need to know the company you’re buying and the people who are leading it. Sussman KYC security is thorough but responsible, granular but always ethical. Where others scan, Sussman digs.

Real KYC due diligence is…

Consequential M&As that don’t perform as expected because of lack of KYC due diligence cause serious damage to companies and their boards of directors. The faster deals get approved based on real diligence, the faster companies can move to meet their acquisition objectives.

Smart About 10 percent of all large mergers and acquisitions are canceled for reasons that include KYC outcomes.

Necessary The capital markets have been enthralled by genius founders for too long, allowing them to grow without sufficient scrutiny only to be toppled when exposed to the light of day. Post M&A due diligence is not pretty. It protects no one.

Cost effective Bribery and corruption disempower people and destroys economic growth and opportunity. KYC due diligence is money well spent.

Real expertise
is focused expertise

Why do we focus on the areas we do?
“Because that’s where the threats are.”

Awareness
It’s knowing what software you’re actually running, with a crucial focus on all the little pieces that make up the whole, and validating that they are what they should be.

Wariness
It’s software supply chain wariness. Open source is bringing in a whole new source of risk vectors. Weaknesses in every link along the software supply chain —how software goes from a developer writing code to the end user— abound.

Foresight
It’s knowing how to minimize the number of ‘attack surfaces’ as companies make greater use of network and internet-connected technologies, cloud-based services and remote third parties.

Insight
Bad actors are smart thinkers. Which is why minimizing the risk of cyber fraud, ransomware, and data theft requires different smart thinkers. Experts who know how hackers think, how they operate and their goals.

Oversight
Fortifying cyberdefenses in the fast-moving world of cybersecurity is an always-on task. It requires constant oversight. It’s not a snap-your-fingers achievement.

– Telecom
– Mining
– Oil and Gas
– Power Plants
– Railways
– Airports
– Water Supply

Vigilance
But the vigilance associated with the past is not the vigilance needed for the future.

Knowledge
Infrastructure security is more than physical security, its cybersecurity. Our infrastructure OT and IT assessments and our bespoke designs and plans are rewriting the book on how infrastructure can and must be protected.

Experience
Our experts read an infrastructure’s vulnerabilities with a very specific literacy born of experience securing pipelines, water plants, ports, train stations, airports around the world.

Realism
We have but to recall the havoc caused by pipelines compromised by threat actors to remind ourselves that infrastructure threats are very real. And very consequential.

– Gap analysis
– Threat assessments
– Security training
– Red teaming
– Security systems design and installation

Aware
We must now accept that towers of commerce and public facilities offer target-rich environments for terrorists and criminals alike. Trade centers, malls, concert halls, places of worship and hotels now join mines, airports, power plants and other critical infrastructure as possible targets.

Thorough
Because post-incident due diligence won’t protect a company’s reputation.

No longer optional
Businesses must now be able to to promise and deliver real security to their customers, employees, shareholders, and society. Those who don’t, do so at their peril.

Local
A building or facility is more than its blueprint. It’s also somewhere. Real security considers local conditions.

Consequential
M&As that don’t perform as expected because of lack of KYC due diligence cause serious damage to companies and their boards of directors. The faster deals get approved based on real diligence, the faster companies can move to meet their acquisition objectives.

Smart
About 10 percent of all large mergers and acquisitions are canceled for reasons that include KYC outcomes.

Necessary
The capital markets have been enthralled by genius founders for too long, allowing them to grow without sufficient scrutiny only to be toppled when exposed to the light of day. Post M&A due diligence is not pretty. It protects no one.

Cost effective
Bribery and corruption disempower people and destroys economic growth and opportunity. KYC due diligence is money well spent.